SkillRisk

SkillRisk is a specialized security analysis tool designed for the AI Agent ecosystem, specifically focusing on Claude Code and Model Context Protocol (MCP) skills. As developers give AI agents more permissions (shell access, file manipulation), the risk of executing malicious code increases. SkillRisk acts as a static analysis firewall, auditing skill definitions before you install or run them. Key Features: Hook Hijacking Detection: Identifies malicious PreToolUse hooks that attempt to execute silent background commands or install malware. Permission Auditing: Flags skills requesting excessive privileges (e.g., unnecessary root/sudo access or write permissions to sensitive directories). Data Leak Prevention: Scans for hardcoded API keys, credentials, and potential data exfiltration patterns. MCP Server Integrity: Vets external MCP server configurations for known malicious endpoints. Privacy & Security: SkillRisk operates on a "Local-First" philosophy. It performs in-memory static analysis, meaning your uploaded code is processed in temporary RAM and immediately purged after the report is generated. It does not store user code. Pricing: Offers a Free Tier for basic scanning needs and a Premium plan for advanced hook redirection audits and priority support.